(flickr.com/consumerist)

U.S. officials are still convinced that continuing denial of service (DDoS) attacks against American banks by the Izz ad-Din al-Qassam Cyber Fighters are cover for state-sponsored cyber sabotage by Iran, according to a report in today's New York Times.

The Times reports that the U.S. doesn't believe the hacking group's repeated claim they are targeting banks because the anti-Islam video Innocence of Muslims hasn't been taken off the Internet:

But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems. In the last three years, three sophisticated computer viruses — called Flame, Duqu and Stuxnet — have hit computers in Iran. The New York Times reported last year that the United States, together with Israel, was responsible for Stuxnet, the virus used to destroy centrifuges in an Iranian nuclear facility in 2010.

The U.S. has good reason to suspect state sponsorship. The al-Qassam cyber attacks have used compromised cloud computing services, which they infect with a malware package called "Itsoknoproblembro."

The malware turns infected servers into what researchers call "bRobots." Funny as the name might be, bRobots are serious business. A hacked data center filled with bRobots gives the attackers enough firepower to take down even the largest websites. As the Times reported, one bank with a substantial 40 gigabit Internet service was easily knocked offline, and others reported DDoS traffic peaks of up to 70 gigabits.

On Tuesday, the Izz ad-Din al-Qassam Cyber Fighters published a new post on Pastebin in which they said the attacks will continue. They offered a complex set of equations related to the current views and likes of Innocence of Muslims and wrote that the reasoning in allowing the video to remain on the web was "the result of direct role of Satan and evil shadow in Zionism spirit and approach of thinking."

As of Wednesday morning, the top four sites on "outage watch" at Site Down were Bank of America, Citibank, Capital One and Fifth Third Bank.

(flickr/mjtmail)

Firms specializing in technology security make it their business to scare potential customers, but that doesn't make an Internet Identity (IID) report predicting cyber doom in 2014, highlighted today by Ray Kurzweil's Accelerating Intelligence, any less spooky.

According to IID, looming cybersecurity threats in 2013--more mobile malware, increasingly aggressive hacktivism, attacks on the cloud--are "well-anticipated and mundane."

Those "mundane" threats are nothing next to the bleak wasteland of death and destruction IID expects in 2014:

[By] 2014 significant new methods of cybercrime will emerge. These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce. IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.

IID elaborated on "Murder By Internet Connected Devices" with scenarios that sound pretty plausible. They predicted that criminals could use pacemakers with remote connections, control systems on Internet-connected vehicles or even connected machines that control IV drips to potentially carry out long-distance, untraceable crimes.

It sounds like hyperbole, but pacemakers (for example) are already hackable, and as Forbes noted in this early December post about the reality of compromised medical equipment, Homeland has already used a hacked pacemaker as a plot device.

IID also warned about the dangers of NFC-enabled smart phones. NFC, or near-field communication, allows information exchange between compatible devices. It's pretty common on phones now but may one day even permit cars to talk to each other. Paul Ferguson, the company's vice president of Threat Intelligence, says NFC could be "a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money."

Additional threats IID believes may manifest in 2014 include an increase in state-sponsored malware, like Stuxnet, Flame and Duqu, a successful cyberattack on a power grid and an "exploit of a significant military assault system like drones."

Not directly mentioned but already in the wild: hackers already taking advantage of poorly-secured supervisory control and data acquisition (SCADA) systems which have easily cracked web administration pages. At the moment SCADA vulnerabilities might just cause discomfort and disruption, but in 2014's creepy killer web scenario, compromising a large-scale heating and cooling system might just be round one in an all-out infrastructure attack on a regional, even a national scale.

In posting a link to the Kurzweil write-up about IID's dire warnings, Quartz's Christopher Mims sounded the necessary note of caution needed after reading hints of a looming cyber-pocalypse:

Cybercriminals will straight-up kill you, says firm that profits massively by hyping threat. kurzweilai.net/murder-by-inte…

— Christopher Mims (@mims) January 4, 2013

Duly noted. However, if IID is correct, we've only got a year.

Cower and whimper accordingly.

This guy is everywhere now. (Image Devdsp on Flickr

Sometime last summer, hackers invaded a New Jersey company's web-accessible heating and air-conditioning systems using a gaping security hole in the system's supervisory control and data acquisition (SCADA) software.

Ars Technica reports that an IT contractor who works with the business informed F.B.I. agents investigating the breach that controls for the HVAC system were "directly connected to the Internet" and there was no "interposing firewall."

The backdoor into the controls is found in some versions of the Niagara AX Framework, software that controls similar systems at the Pentagon and the Federal Bureau of Investigation. An F.B.I. memo issued in July said any hacker who found their way into the nameless New Jersey company's Niagara controls would have been able to learn the same information available to a systems administrator, such as "a floor plan layout of the office, with control fields and feedback for each office and shop area." The web interface wasn't even password-protected.

Information about these flaws in Niagara systems has been public knowledge among hackers for some time. In a blog post published in an Anonymous-associated blog on January 19, 2012, a hacker using the name @ntisec listed vulnerable Niagara web servers all over the world.

The hacker prefaced the list by explaining that he or she had learned of the vulnerability from a Dutch technology site and then found vulnerable pages with simple searches using Google and ShodanHQ, a site that helps "expose online devices."

@ntisec insisted his or her purpose was to make sure these gaps were closed, because "Most scada systems dont (sic) have the need to be webfaced."

Ars Technica notes that in 2009 a security guard in a Texas hospital learned of that facility's weak SCADA security and posted screen captures online that demonstrated he could take control of parts of the system used to control operating room temperatures. The guard ended up federal prison.

Given the large number of Niagara servers listed by @ntisec last January, we'll probably hear about several other intrusions before the holes are filled. Once that happens, maybe they'll just come for our smart TVs.

HoneyMap (screengrab)

The Honeynet Project has made monitoring the war in cyber space weirdly fascinating with its HoneyMap, which displays malicious attacks as they happen. The result is reminiscent of old animated maps from newsreels reporting on battles during World War II.

The Atlantic Wire explains how to read the HoneyMap:

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in.

The Honeynet Project is a worldwide chain of honeypots that track these attacks. As The Atlantic reports, some members of the network aren't pushing their data to the map, so it currently tends to display more attacks across Europe.

Betabeat observed several attacks occurring across Brazil and fewer in the United States, though it appears computers in Google's home city of Mountain View, California and Microsoft's area of Washington State are under sustained attack throughout the day. A large number of the attacks come from various locations in Russia, however we spotted a few actually coming from servers in Mountain View.

Try to not lose a few minutes gazing at the HoneyMap making exploding sounds with your mouth as each red dot bursts on the screen.

He will crack you. (Image by Devdsp on Flickr)

We don't want to scare anyone, but Dan Goodin's Ars Technica article published late Monday illustrates at length why everyone who uses the Internet for anything at all should consider changing their passwords. Actions that once required supercomputing can be done from desktops now and when it comes to security, that's spooky stuff:

Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers.

The warning notes only sound more ominous as Mr. Goodin uses high profile hacks from the last few years to illustrate just how far the dark art of breaking into your online life has come.

For example, the epic hack of 32 million passwords from RockYou.com in 2009 was a watershed moment in cracking. Thanks to a SQL injection attack that allowed hackers to publish them online, Mr. Goodin writes that "almost overnight, the unprecedented corpus of real-world credentials changed the way whitehat and blackhat hackers alike cracked passwords."

The RockYou attack basically made old dictionary-style password cracking, in which cracking programs rotate through giant lists of words in attempt to establish a key, obsolete. Using patterns culled from RockYou and other sources as well as profiling possible password selection, crackers have made huge leaps in breaking both weak encryption and in taking advantage of Internet users' lazy thinking.

Per Thorsheim, one of the security experts consulted by Goodin, says a basic, long-standing piece of advice about protecting passcodes remains golden: use a new password for every site.

Crackers can probably break anything involving your childhood pet, street address and grandma's birthday, but at least the damage might be contained to one site if they do. Which is fine, unless we're talking about your bank account.

Are you not entertained? (Photo: flickr.com/dullhunk

Today the Guardian features an interview with John Arquilla, who is a a professor of defence analysis at the US Naval Postgraduate School. In it, he argues that the government's time and energy would be better spent recruiting black hats, rather than arresting them: "The brilliance of hacking experts could be put to use on behalf of the US in the same way as German rocket scientists were enlisted after the second world war."

We can’t imagine the Anons would like to compared to Nazis, in any analogy. Nor is his argument that ne'erdowells can be flipped terribly novel. But in making his case, it started to sound like perhaps Mr. Arquilla has a different agenda.

He told the Guardian:

"Let's just say that in some places you find guys with body piercings and non-regulation haircuts. But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them."

He added, waxing romantic:

 "This is huge human capital. They are the rangers of the cyber sphere. Most of them are drawn to it for its beauty and complexity."

"Rangers of Cyberspace"? That's not a defense strategy, that's a television show that we would automatically DVR. Cut to a boardroom in Burbank:

"So there's this grizzled general, and he tells his second-in-command--who is just back from Afghanistan--to round up some computer freaks. He finds a Lisbeth Salander type, someone who looks like Sabu, a guy who's like Mark Zuckerberg without the Facebook, and..."

Someone get J.J. Abrams on the phone, tell him we've got him an idea.

Sorry, we can't help ourselves. (http://commons.wikimedia.org/)

Could the Flame malware infection be any more straight out of a spy movie? Answer: nope. Ars Technica reports that attackers have now issued a "suicide" command to the infected computers, thereby essentially scrubbing its tracks.

Discovered by Kaspersky Lab, the malware has made headlines because of the eye-catching little detail that, at 20 megabytes, it's much bigger than the dreaded Stuxnet and designed to collect dirt on the user of the infected machine. That said, it's not a particularly far-reaching infection, targeting largely computers in the Middle East, including Iran. Unsurprisingly, it's thought to be nation-state designed, rather than the work of cyber criminals. Cyber criminals can probably jack your password without designing something that big. 

Symantec researchers broke it down (in a post dramatically named "Flamer: Urgent Suicide"):

Late last week, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers. This command was designed to completely remove Flamer from the compromised computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers.

Ars Technica interprets:

As a result, the compromised computers in the honeypot [deliberately infected computers, used to study things like Flame] deleted at least 163 files and four folders belonging to the sprawling set of modular code. The self-destruct mechanism then overwrote the disk with random characters to prevent researchers from studying the files.

Maybe everyone's gotten in wrong and Flame is an incredibly sophisticated viral marketing campaign for an upcoming Tom Clancy novel. Hey, it could happen.

The firm surveyed 1,861 IT and security pros, the majority from organizations bigger than 500 employees. 64 percent expect to face cyber attacks in the next six months, and 61 percent point to Anonymous and its hacktivist fellow travelers as the most likely attackers. More generally, a solid two-thirds of respondents believe we’re really seeing an uptick in the rate of attacks, thanks to more hackers, stronger state-sponsored efforts, and so forth. They’re not exactly pulling that out of thin air, either. For one thing, attacks on financial companies tripled year-over-year in the first quarter of 2012.

It doesn’t sound like IT folks are feeling too good about their current security solutions, either. A mere 26 percent feel that their organizations’ laptops and desktops are protected, which goes a long way toward explaining why it feels like major breaches occur every couple of weeks.

The answer, as always, is better best practices: Get employees to stop opening sketchy email attachments and using random thumb drives. But given that even a security juggernaut like RSA can be brought low by spear phishing, that’s far easier said than done.